BleepingComputer reports that Romanian ransomware group Diskstation, which has been targeting Synology network-attached storage devices worldwide since 2021, has been disrupted as part of the Europol-coordinated Operation Elicius initiative, which involved Italian, Romanian, and French law enforcement agencies.
Attacks by Diskstation gang, also known as Quick Security, 7even Security, Umbrella Security, and LegendaryDisk Security, were able to compromise multiple Lombardy organizations' systems through the exploitation of internet-exposed Synology NAS devices, according to officials. "These companies had experienced encryption of data on their IT systems, resulting in the complete 'paralysis' of their production processes," said Italy's Postal and Cybersecurity Police Service, which noted that impacted organizations had been demanded significant amounts of cryptocurrency as ransom. Additional investigation into the ransom payments allowed the tracking and arrest of suspected Diskstation members, including its alleged Romanian operator, who has already been indicted for extortion and unauthorized computer system access. Organizations have been urged to better protect NAS devices by restricting internet and VPN access, as well as ensuring the implementation of timely firmware.
Attacks by Diskstation gang, also known as Quick Security, 7even Security, Umbrella Security, and LegendaryDisk Security, were able to compromise multiple Lombardy organizations' systems through the exploitation of internet-exposed Synology NAS devices, according to officials. "These companies had experienced encryption of data on their IT systems, resulting in the complete 'paralysis' of their production processes," said Italy's Postal and Cybersecurity Police Service, which noted that impacted organizations had been demanded significant amounts of cryptocurrency as ransom. Additional investigation into the ransom payments allowed the tracking and arrest of suspected Diskstation members, including its alleged Romanian operator, who has already been indicted for extortion and unauthorized computer system access. Organizations have been urged to better protect NAS devices by restricting internet and VPN access, as well as ensuring the implementation of timely firmware.
